Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Cyber Risk Management
“Cyber threats collectively now exceed the danger of physical attacks against us. This is a major sea change for my department and for
our country’s security.”Former DHS Secretary Nielsen
Emerging Technology / Increased Risks
Cyber Risk Management
• Coast Guard Cyber Strategy(June 2015)
- Strategic Priorities:1. Defending Cyberspace2. Enabling Operations
3. Protecting Infrastructure
Cyber Risk Awareness
1) Conduct a Risk Assessment2) Identify or Adopt Best Practices3) Secure the Supply Chain4) Measure Progress5) Revise and Improve Security
Cyber Risk Management• CG-5P Policy Letter 08-16
– Reporting Suspicious Activity & Breaches of Security• Criteria for reporting BoS and/or SA for both
physical & cyber related events
• SA: Large, sustained cyber attacks in an apparent attempt to exploit them
• Reports to the NRC
• National Cybersecurity & Communications Integration Center (NCCIC)
• Cyber incidents only, do not involve physical or pollution effects
Cyber NVIC• Guidelines for Addressing
Cyber Risks at MTSA Regulated Facilities– Guidance on incorporating
computer systems & networks into FSAs & FSPs
– Clarifies 33 CFR 105 & 106– 250+ comments on draft NVIC– Currently under review
TWIC• TSA began issuing new TWIC cards on July 10, 2018
with enhanced efforts to combat counterfeiting
7
TWIC
8
TWIC Reader Rule
• Transportation Worker Identification Credential Accountability Act signed into law August 2, 2018
• Prohibited CG from requiring electronic inspections of TWIC cards until after the Department of Homeland Security submitted an assessment of the TWIC program to Congress
• DHS assessment results awaiting Congressional review
9
Seafarers’ Access• Regulated facilities to
provide a system for seafarers assigned to a vessel at that facility, pilots, and representatives of seafarers’ welfare and labor organizations to board and depart the vessel through the facility in a timely manner and at no cost to the individual.
• Feb 3, 2020 : facility must submit an amendment to FSP describing how it will meet the regulation
• June 1, 2020: system must be in place
10
Facility Compliance
Common Deficiencies:• Recordkeeping/documentation• Facility signage• Hose markings• Secondary containment
11
Chart1
2017
2018
2019
# Deficiencies
Deficiencies Trending Down
300
208
61
Sheet1
# Deficiencies
2017300
2018208
201961
Cyber Awareness Training- 101 level awareness training for familiarity of cyber terms/issues in MTS- Tailored to AMSC audience in the form of a webinar- Available for all audiences- USCG Domestic Ports Division Security Website:
(https://www.dco.uscg.mil/Portals/9/CG-FAC/Videos/Maritime%20Cybersecurity%20Awareness%20-%20May%2016%202018.mp4?ver=2018-05-25-083330-703)
https://www.dco.uscg.mil/Portals/9/CG-FAC/Videos/Maritime%20Cybersecurity%20Awareness%20-%20May%2016%202018.mp4?ver=2018-05-15-083330-703
Cyber Risk Management Emerging Technology / Increased RisksCyber Risk ManagementCyber Risk AwarenessCyber Risk Management Cyber NVICTWICTWICTWIC Reader RuleSeafarers’ AccessFacility ComplianceCyber Awareness Training